Running as a non-administrator user

You can run the monitoring agent for Microsoft SQL Server as a non-administrator user.

About this task

The Microsoft SQL Server agent can be run as a non-administrator user.

Procedure

  1. Create a user.
  2. Add the newly created user to the SQL Server Login user group. The user should have sysadmin SQL Server role permission on the SQL Server. To check minimum permissions, see https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/sql_config_agent_grant_permission_sqlserver.htm.
  3. Grant Modify permission to every drive that the Microsoft SQL Server agent accesses. Complete the following steps to propagate the permission to all subdirectories:
    1. Go to My Computer.
    2. Right-click the drive.
    3. Click the Security tab.
    4. Add the newly created user.
    5. Give Modify permission to the newly created user.
    6. Click OK. This procedure takes a few minutes to apply the permission to all subdirectories.
  4. By using the Windows Registry, grant read access to HKEY_LOCAL_MACHINE, and propagate the settings. Complete the following steps to propagate the settings:
    1. Right-click the HKEY_LOCAL_MACHINE directory and select Permissions.
    2. Add the newly created user.
    3. Select the newly created user.
    4. Select the Allow Read check box.
    5. Click OK. This procedure takes a few minutes to propagate the settings to the entire HKEY_LOCAL_MACHINE tree.
  5. By using the Windows Registry, grant the agent-specific registry permissions according to the following list.
    • If you installed a 32-bit agent on a 32-bit operating system, grant full access to the HKEY_LOCAL_MACHINE\SOFTWARE\IBMMonitoring directory, and then propagate the settings.
    • If you installed a 32-bit agent on a 64-bit operating system, grant full access to the HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Candle directory, and then propagate the settings.
    • If you installed a 64-bit agent on a 64-bit operating system, grant full access to the HKEY_LOCAL_MACHINE\SOFTWARE\IBMMonitoring directory, and then propagate the settings.
    Complete the following steps to propagate settings:
    1. Right-click the directory for which you have full access and select Permissions.
    2. Add the newly created user.
    3. Select the newly created user.
    4. Select the Allow Full Control check box.
    5. Click OK. This procedure takes a few minutes to propagate the settings to the entire HKEY_LOCAL_MACHINE\SOFTWARE\IBMMonitoring tree.
  6. Add the newly created user to the Performance Monitor Users and Users groups.
  7. Grant Modify permission to the SQL Server data file and log file:
    • The default path of the SQL Server data file is SQLServer_root_dir\DATA, where SQLServer_root_dir is the root directory of the SQL Server instance. For example, if the root directory of the SQL Server instance is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL, the data file path is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA.
    • The default path of the SQL Server log file is SQLServer_root_dir\LOG, where SQLServer_root_dir is the root directory of the SQL Server instance. For example, if the root directory of the SQL Server instance is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL, the log file path is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG.
  8. Grant full permissions to the Candle_Home directory. The default path is C:\IBM\APM.
  9. Apply local security permissions. For details, see Local Security Policy permissions.
  10. Restart the SQL Server to ensure that local security permissions are applied effectively.
  11. Change the logon settings for the SQL Server agent services to the non-administrator user by completing the following steps:
    1. Click Start > Administrative Tools > Services.
    2. Right-click the Monitoring Agent For SQL Server instance_name, and click Properties. The SQL Service Properties window opens.
    3. Click the Log On tab.
    4. Click This account and type the user name.
    5. In the Password and Confirm Password fields, enter the password, and click OK.
    6. Repeat steps 2 to 5 for the Monitoring Agent For SQL Server Collector instance_name, where instance_name is the Microsoft SQL Server instance name.
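
To confirm the grants once the procedure is complete, the following PowerShell audit is an added example, not part of the original procedure or the product. It reads back the ACLs, group memberships and service logon accounts that steps 3 to 8 and 11 set. The account name sqlmon is hypothetical, the paths are the example and default paths from the steps above, and using HKLM:\SOFTWARE as the sample point for the propagated read grant is an assumption.

```powershell
# Added audit example. Assumed values: account name, instance root, agent key in use.
param(
    [string]$Account    = "$env:COMPUTERNAME\sqlmon",      # hypothetical account name
    [string]$SqlRoot    = 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL',
    [string]$AgentKey   = 'HKLM:\SOFTWARE\IBMMonitoring',  # or HKLM:\SOFTWARE\Wow6432Node\Candle
    [string]$CandleHome = 'C:\IBM\APM'
)

function Test-Grant {
    param([string]$Path, [string]$Right)
    # True when an Allow ACE (explicit or inherited) names $Account directly and
    # includes $Right. Access obtained only through a group is not counted.
    foreach ($ace in (Get-Acl -Path $Path -ErrorAction Stop).Access) {
        if ($ace.AccessControlType -ne 'Allow' -or
            $ace.IdentityReference.Value -ne $Account) { continue }
        $held = if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $ace.RegistryRights } else { $ace.FileSystemRights }
        if ($held.HasFlag([Enum]::Parse($held.GetType(), $Right))) { return $true }
    }
    return $false
}

# Steps 3, 4, 5, 7 and 8: file system and registry ACLs.
$drive = (Split-Path -Path $SqlRoot -Qualifier) + '\'
$aclChecks = @(
    @{ Step = 3; Path = $drive;           Right = 'Modify' }
    @{ Step = 4; Path = 'HKLM:\SOFTWARE'; Right = 'ReadKey' }
    @{ Step = 5; Path = $AgentKey;        Right = 'FullControl' }
    @{ Step = 7; Path = "$SqlRoot\DATA";  Right = 'Modify' }
    @{ Step = 7; Path = "$SqlRoot\LOG";   Right = 'Modify' }
    @{ Step = 8; Path = $CandleHome;      Right = 'FullControl' }
)
$report = @(foreach ($c in $aclChecks) {
    [pscustomobject]@{ Step = $c.Step; Target = $c.Path; Expected = $c.Right
                       Granted = Test-Grant -Path $c.Path -Right $c.Right }
})

# Step 6: local group membership.
$report += @(foreach ($g in 'Performance Monitor Users', 'Users') {
    $members = (Get-LocalGroupMember -Group $g).Name
    [pscustomobject]@{ Step = 6; Target = "group: $g"; Expected = 'member'
                       Granted = $members -contains $Account }
})
$report | Format-Table -AutoSize

# Step 11: logon account of the agent and collector services, listed for review.
Get-CimInstance Win32_Service -Filter "DisplayName LIKE 'Monitoring Agent for SQL Server%'" |
    Select-Object DisplayName, StartName, State | Format-Table -AutoSize
```

Run it from an elevated PowerShell session on the SQL Server host; any row with Granted set to False identifies the step to revisit.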